Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-6480 | 1 Sun | 2 Management\+center, Sunos | 2026-04-23 | N/A |
| The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. | ||||
| CVE-2008-6530 | 1 Ezonescripts | 1 Living Local | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in editimage.php in eZoneScripts Living Local 1.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | ||||
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2026-04-23 | N/A |
| The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. | ||||
| CVE-2008-0294 | 1 Freeseat | 1 Freeseat | 2026-04-23 | N/A |
| Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | ||||
| CVE-2008-0716 | 1 Symantec | 1 Altiris Notification Server | 2026-04-23 | N/A |
| The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. | ||||
| CVE-2007-4483 | 1 Wordpress | 1 Wordpressclassic | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | ||||
| CVE-2007-4426 | 1 Live For Speed | 1 Live For Speed | 2026-04-23 | N/A |
| Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | ||||
| CVE-2007-4374 | 1 Rndlabs | 1 Babo Violent | 2026-04-23 | N/A |
| Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | ||||
| CVE-2007-4312 | 1 Php Blue Dragon | 1 Php Blue Dragon Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | ||||
| CVE-2007-4281 | 1 Knowledgetree | 1 Open Source | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors. | ||||
| CVE-2007-4275 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. | ||||
| CVE-2007-4048 | 1 Phpsysinfo | 1 Phpsysinfo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2007-4022 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. | ||||
| CVE-2007-3984 | 1 Zenturi | 1 Zenturi Programchecker | 2026-04-23 | N/A |
| Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987. | ||||
| CVE-2007-3987 | 1 Junction Quest | 1 Image Racer | 2026-04-23 | N/A |
| SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter. | ||||
| CVE-2007-4396 | 1 Irssi | 1 Irssi | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2008-1804 | 1 Snort | 1 Snort | 2026-04-23 | N/A |
| preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. | ||||
| CVE-2007-3432 | 1 Pluxml | 1 Pluxml | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. | ||||
| CVE-2007-3471 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2007-3803 | 1 Clavister | 1 Clavister Coreplus | 2026-04-23 | N/A |
| The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | ||||